Key Escrow Overview
tiCrypt encrypts every resource with AES-256 and manages those keys with public-key cryptography: each user holds a private key that decrypts the encryption key for their own resources. If a user's private key is lost or withheld, the data cannot be retrieved, because nothing else can decrypt it.
To address potential key loss or legal requirements for data access, tiCrypt integrates a key escrow system that enables the recovery of user private keys, thereby restoring data access. This document outlines the principles and structure of tiCrypt's key escrow system.
Design Principles
- Cryptographic Security: Encryption and digital signatures, rather than access control lists, enforce the guarantees.
- Separation of Duties: Key recovery requires several authorized individuals, so a compromise of one user's credentials is not enough to recover a key.
- Limited Administrator Role: System and tiCrypt administrators have minimal involvement in key recovery, which limits what a backend compromise can expose.
Roles in Key Escrow
- Escrow Users: Hold and share key segments and carry out key recovery. Recovery can only begin once all parts of a key are available.
- Site-Key Administrator: Assigns and organizes escrow user roles into groups.
- tiCrypt Administrators: Execute the escrow process as authorized by the site-key administrator.
Escrow Process
- Initiation: tiCrypt administrators activate escrow by setting the user's state to 'Escrow On Login'.
- Key Decryption: At the user's next login their private key is decrypted, and the escrow steps below run at that point.
- Key Generation: A random AES-256 key is generated for each escrow group.
- Master Key Creation: A master AES-256 key is formed by combining all group keys.
- Encryption and Storage: The user's private key is encrypted with the master key and stored on tiCrypt's backend.
- Key Sharing: Each group key is cryptographically divided among the escrow users within the group and securely stored on the backend.
De-Escrowing
- Key Recovery: Escrow users retrieve their respective group keys and piece them together to reconstruct the master AES-256 key.
- Decryption: The master key decrypts the stored private key, which is then used to access the user's encrypted data.
Participation Requirement
One member from each escrow group must partake in the key recovery to ensure multi-party verification and security.
This structure lets tiCrypt's key escrow system meet its security thresholds and regulatory compliance requirements while providing a robust fail-safe for data recovery in extreme scenarios, which is what gives our users and clients reassurance.
If every escrow user in any one group is unable or unwilling to participate in de-escrowing, the private key cannot be recovered. Each escrow user therefore carries real responsibility for both the security and the recoverability of the data.